So, hey guys, I'm creating a Quiz Hosting website just for fun and I'm assigning roles to admins. There is a master admin, who can do/add/edit any and everything, but I want the privileges of other admins to be restricted. Say, one can only add/edit questions and categories while another can only handle payments for quizzes, and so on.
My first question is: Is this a good, or rather I should say, the CORRECT thing to do?
My second question: Currently I have achieved this by using numbers 1 to 8 for privileges; the higher the number, the more the privileges. Is this method OK? Is there any room for improvement (I'm sure there is) or is there a better method?
Kindly guide me in this respect, friends. THX
First:
Nobody can say whether it is good or bad except you, because only you best understand the logic, scope and scalability of your system. Point is, it depends on your system and requirements. Moreover, what you are doing is a very common role-based action scenario and you can see examples of it almost anywhere, be it Windows OS, or SQL Server, or your typical FB friends list privacy properties.
Second:
Again, it is totally your decision; nobody can say whether it is good or bad. It all depends on how simple or complex this decision of yours is going to make the implementation of your system. On a more personal note, you shouldn't tie up permission levels based on the value of a number; rather, you should take any unique identifier (number or string) for a given specific role and assign it privileges in the form of a mapping table, i.e.
RolePermissionMaster:
where AppActivity is another table defining the meaning of 1, 2, 3, 4 and so on, i.e.
AppActivityMaster:
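An added example, not part of the original answer: a minimal version of the role-to-activity mapping it describes, with a deny-by-default check, next to the numeric "higher number, more privileges" scheme from the question. The table names come from the answer; the column names, role names, activity names and sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Column names and all sample rows below are assumptions (constructed data).
SCHEMA = """
CREATE TABLE AppActivityMaster (
    ActivityId   INTEGER PRIMARY KEY,
    ActivityName TEXT NOT NULL UNIQUE
);
CREATE TABLE RolePermissionMaster (
    RoleId     TEXT NOT NULL,
    ActivityId INTEGER NOT NULL REFERENCES AppActivityMaster(ActivityId),
    PRIMARY KEY (RoleId, ActivityId)
);
"""
ACTIVITIES = [(1, "question.edit"), (2, "category.edit"),
              (3, "payment.manage"), (4, "admin.manage")]
GRANTS = {
    "master_admin": [1, 2, 3, 4],
    "content_admin": [1, 2],   # questions and categories only
    "payment_admin": [3],      # payments only
}

def build_db():
    """Create the two tables in memory and load the sample mapping."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO AppActivityMaster VALUES (?, ?)", ACTIVITIES)
    db.executemany(
        "INSERT INTO RolePermissionMaster VALUES (?, ?)",
        [(role, act) for role, acts in GRANTS.items() for act in acts],
    )
    return db

def is_allowed(db, role, activity):
    """Deny by default: allowed only if a (role, activity) mapping row exists."""
    row = db.execute(
        "SELECT 1 FROM RolePermissionMaster rp "
        "JOIN AppActivityMaster a ON a.ActivityId = rp.ActivityId "
        "WHERE rp.RoleId = ? AND a.ActivityName = ?",
        (role, activity),  # bound parameters, never string concatenation
    ).fetchone()
    return row is not None

def level_allows(user_level, required_level):
    """The numeric scheme from the question: higher number, more privileges."""
    return user_level >= required_level

if __name__ == "__main__":
    db = build_db()
    for role in GRANTS:
        print(role, [name for _, name in ACTIVITIES if is_allowed(db, role, name)])
```

With a single ordered level, any admin ranked high enough for payments also passes every lower check, so "payments only" cannot be expressed; the mapping table grants each activity independently.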